OIDC: Improve auth api logs and user verification #782

Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-12-12 00:34:13 +01:00 · 2024-07-04 10:24:10 +02:00
parent ed14877488
commit 3ecee16848
10 changed files with 167 additions and 51 deletions
--- a/pkg/clean/auth.go
+++ b/pkg/clean/auth.go
@@ -9,6 +9,7 @@ import (
 )

 var EmailRegexp = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
+var DomainRegexp = regexp.MustCompile("^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$")

 // Auth returns the sanitized authentication identifier trimmed to a maximum length of 255 characters.
 func Auth(s string) string {
@@ -115,6 +116,22 @@ func Email(s string) string {
 	return ""
 }

+// Domain returns the normalized domain name with trimmed whitespace and in lowercase.
+func Domain(s string) string {
+	// Empty or too long?
+	if s == "" || reject(s, txt.ClipName) {
+		return ""
+	}
+
+	s = strings.ToLower(strings.TrimSpace(s))
+
+	if DomainRegexp.MatchString(s) {
+		return s
+	}
+
+	return ""
+}
+
 // Role returns the sanitized role with trimmed whitespace and in lowercase.
 func Role(s string) string {
 	// Remove unwanted characters.